Big update!Introducing GitHub Bot Commands. Learn more
Socket
Log inDemoInstall

Git dependency

Severity

Critical

Description

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Suggestion

Publish the git dependency to npm or a private package repository and consume it from there.

Packages with this issue

Socket[email protected]

Product

About

NPM Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc